How LA's Traffic System Got Hijacked

Xavier Aaronson

Recall that scene in The Italian Job when Michael Caine's character taps into the computer-controlled traffic system, unleashing a chaotic traffic jam that paralyzes the city of Turin? Well, other than it leading to a wonderful car chase, could this slice of fiction have been nearly half a century ahead of its hacking time?

In the debut episode of our three-part series titled "Phreaked Out," we took a retrospective look at one day in August of 2006, when two Los Angeles traffic engineers, Kartik Patel and Gabriel Murillo, were alleged to have remotely accessed the city's traffic control system and tampered with the light sequences at four main intersections of the city, as part of a labor union protest.

Although there was not much evidence of the attack, their disruptions were reported to have triggered a state of gridlock that lasted days. In 2009, Patel and Murillo copped to the deed, which stood as a reminder that the city of Los Angeles, like countless other metropolises, relies on a certain degree of computerized and internet-connected control systems that are vulnerable to exploitation.

For example, New York City recently had its traffic control system breached by a security expert who—with the help from some $100 hardware—exposed alarming flaws in the sensors that control the city's light signals.

While the focus here is on traffic lights, other connected mechanisms that keep cities running can present similar flaws. Any internet-connected system is a potential vulnerability, including those that control dams, power plants and heating-control systems, whose hardware can even occasionally be found on public search engines like Shodan.

Some hackers argue that without the publicized—and sometimes unauthorized—penetration of these systems, vulnerabilities would remain for more malicious actors. Making this security flaws public pressures manufacturers to make technology more secure, and forces government officials to update old, weak systems.